Authenticating across domains
Cole, Timothy D.
timothy_d_cole at md.northgrum.com
Tue Dec 21 19:57:49 GMT 1999
> -----Original Message-----
> From: Christian E [SMTP:cej at ti.com]
> Sent: Tuesday, December 21, 1999 11:51
> To: Cole, Timothy D.; Samba Mailing list
> Subject: Re: Authenticating across domains
>
> "Cole, Timothy D." wrote:
> >
> > > -----Original Message-----
> > > From: Christian E [SMTP:cej at ti.com]
> > > Sent: Tuesday, December 21, 1999 11:05
> > > To: Multiple recipients of list SAMBA-NTDOM
> > > Subject: Authenticating across domains
> > >
> > > Hi,all
> > >
> > > I've seen this question before, but I don't think it was
> answered.
> > > Does
> > > anyone know how to authenticate with more than one domain ? I have a
> > > problem at the moment with a user who would like access to our file
> > > server from another domain. The NT domains have a trust set up but
> still
> > > we get "invalid user name or password" when we try to connect to the
> > > samba box..It works to another NT box across the domain though...
> > >
> > Is the samba box a PDC? If not, is "security = domain", and
> does
> > the domain it is in trust the other domains?
>
>
> It is not a PDC and security is set to domain . It authenticates
> with
> an NT BDC which is in a domain who is trusting the other domain...Is it
> necessary to point to a BDC/PDC in the other domain ??
>
Hmm, no, that probably wouldn't do what you want. In "security =
domain", it definitely has to be pointing to a PDC/BDC of the domain it's a
member of (in general it should be anyway)
I have no idea if this will make a difference, but ideally rather
than just the one BDC, you should probably specify the PDC and then all of
the BDCs for the domain on the one "password server = " line, separated by
whitespace. (i.e. "password server = SMYDOM00 SMYDOM01 SMYDOM02") At least
that's how we have it here, and domain trust relationships seem to work.
More information about the samba-ntdom
mailing list